I keep struggling to work out what modules I need to use for some of the more common log files found in Linux.
Example: I have yum.log; what module should I use to map this to (in short, set var.paths for that module to point to these logs)?
It would be really nice to know:
- Where to find a cross reference for files to their respective Filebeat module to use to process them.
- Have Elastic generate a cross reference that is either available on their site or as part of the next release documentation for Filebeat.
- If someone has actually made a cross reference, would they mind sharing it?
Note: Some, like user.log, are a bit ambiguous: should these be processed by the auditd or system module, or perhaps some other module?
As always, thanks for spending the time to respond to my questions.
Take care and stay healthy.